Hi Eric,
Today's linux-next merge of the selinux tree got a conflict in
security/selinux/hooks.c between commit eb9ae686507b ("SELinux: Add new
labeling type native labels") from Linus' tree and commits 40d3d0b85fa2
("SELinux: remove crazy contortions around proc") and a64c54cf0811
("SELinux: pass a superblock to security_fs_use") from the selinux tree.
I fixed it up (see below) and can carry the fix as necessary (no action
is required).
P.S. Unusually, that commit from Linus' tree has no Signed-off-by from
its purported author (David Quigley).
--
Cheers,
Stephen Rothwell [email protected]
diff --cc security/selinux/hooks.c
index a5091ec,4fbf2c5..0000000
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@@ -680,21 -702,14 +712,19 @@@ static int selinux_set_mnt_opts(struct
if (strcmp(sb->s_type->name, "proc") == 0)
sbsec->flags |= SE_SBPROC;
- /* Determine the labeling behavior to use for this filesystem type. */
- rc = security_fs_use(sb);
- if (rc) {
- printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
- __func__, sb->s_type->name, rc);
- goto out;
+ if (!sbsec->behavior) {
+ /*
+ * Determine the labeling behavior to use for this
+ * filesystem type.
+ */
- rc = security_fs_use((sbsec->flags & SE_SBPROC) ?
- "proc" : sb->s_type->name,
- &sbsec->behavior, &sbsec->sid);
++ rc = security_fs_use(sb);
+ if (rc) {
+ printk(KERN_WARNING
+ "%s: security_fs_use(%s) returned %d\n",
+ __func__, sb->s_type->name, rc);
+ goto out;
+ }
}
-
/* sets the context of the superblock for the fs being mounted. */
if (fscontext_sid) {
rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
@@@ -2629,11 -2589,15 +2659,11 @@@ static int selinux_inode_init_security(
isec->initialized = 1;
}
- if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
+ if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
return -EOPNOTSUPP;
- if (name) {
- namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
- if (!namep)
- return -ENOMEM;
- *name = namep;
- }
+ if (name)
+ *name = XATTR_SELINUX_SUFFIX;
if (value && len) {
rc = security_sid_to_context_force(newsid, &context, &clen);
I guess my signed off got stripped somewhere. Originally I maintained those commits but Steve Dickson from red hat picked them up and they then made it into trond's tree and then into Linus'.
I unfortunately don't have my davequigley.com identities on my iPhone but you can add a sign off by [email protected] for the commit.
Sent from my iPhone
On Jul 25, 2013, at 8:48 PM, Stephen Rothwell <[email protected]> wrote:
> Hi Eric,
>
> Today's linux-next merge of the selinux tree got a conflict in
> security/selinux/hooks.c between commit eb9ae686507b ("SELinux: Add new
> labeling type native labels") from Linus' tree and commits 40d3d0b85fa2
> ("SELinux: remove crazy contortions around proc") and a64c54cf0811
> ("SELinux: pass a superblock to security_fs_use") from the selinux tree.
>
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).
>
> P.S. Unusually, that commit from Linus' tree has no Signed-off-by from
> its purported author (David Quigley).
> --
> Cheers,
> Stephen Rothwell [email protected]
> diff --cc security/selinux/hooks.c
> index a5091ec,4fbf2c5..0000000
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@@ -680,21 -702,14 +712,19 @@@ static int selinux_set_mnt_opts(struct
> if (strcmp(sb->s_type->name, "proc") == 0)
> sbsec->flags |= SE_SBPROC;
>
> - /* Determine the labeling behavior to use for this filesystem type. */
> - rc = security_fs_use(sb);
> - if (rc) {
> - printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
> - __func__, sb->s_type->name, rc);
> - goto out;
> + if (!sbsec->behavior) {
> + /*
> + * Determine the labeling behavior to use for this
> + * filesystem type.
> + */
> - rc = security_fs_use((sbsec->flags & SE_SBPROC) ?
> - "proc" : sb->s_type->name,
> - &sbsec->behavior, &sbsec->sid);
> ++ rc = security_fs_use(sb);
> + if (rc) {
> + printk(KERN_WARNING
> + "%s: security_fs_use(%s) returned %d\n",
> + __func__, sb->s_type->name, rc);
> + goto out;
> + }
> }
> -
> /* sets the context of the superblock for the fs being mounted. */
> if (fscontext_sid) {
> rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
> @@@ -2629,11 -2589,15 +2659,11 @@@ static int selinux_inode_init_security(
> isec->initialized = 1;
> }
>
> - if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
> + if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
> return -EOPNOTSUPP;
>
> - if (name) {
> - namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
> - if (!namep)
> - return -ENOMEM;
> - *name = namep;
> - }
> + if (name)
> + *name = XATTR_SELINUX_SUFFIX;
>
> if (value && len) {
> rc = security_sid_to_context_force(newsid, &context, &clen);
Hi David,
On Thu, 25 Jul 2013 21:22:48 -0700 David Quigley <[email protected]> wrote:
>
> I guess my signed off got stripped somewhere. Originally I maintained those commits but Steve Dickson from red hat picked them up and they then made it into trond's tree and then into Linus'.
>
> I unfortunately don't have my davequigley.com identities on my iPhone
> but you can add a sign off by [email protected] for the commit.
Noone can, it is set in stone in Linus' tree, now. My comment was just a
heads up that something went wrong in the process.
--
Cheers,
Stephen Rothwell [email protected]